Closed
Description
ImageMagick 7.0.7-0 Q16 x86_64
Here is the critical code:
if (mng_info->global_plte == (png_colorp) NULL)
mng_info->global_plte=(png_colorp) AcquireQuantumMemory(256, //line 5697
sizeof(*mng_info->global_plte));
for (i=0; i < (ssize_t) (length/3); i++)
{
mng_info->global_plte[i].red=p[3*i];
mng_info->global_plte[i].green=p[3*i+1];
mng_info->global_plte[i].blue=p[3*i+2];
}
AcquireQuantumMemory(...) may return NULL, so mng_info->global_plte[i].xxx will Dereference Null pointer to cause memory error.
Credit: ADLab of Venustech